Show patches with: State = Action Required       |    Archived = No       |   147 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[RESEND] apparmor: Remove unnecessary NULL check before kvfree() [RESEND] apparmor: Remove unnecessary NULL check before kvfree() 1 - - --- 2024-11-07 Thorsten Blum New
tpm: Remove the documentation from tpm2-sessions.c tpm: Remove the documentation from tpm2-sessions.c - - - --- 2024-11-07 Jarkko Sakkinen New
selinux,xfrm: fix dangling refcount on deferred skb free selinux,xfrm: fix dangling refcount on deferred skb free - - - --- 2024-11-06 Ondrej Mosnacek New
[RFT,16/16] perf tools: Remove dependency on libaudit perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,15/16] perf tools: s390: Use generic syscall table scripts perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,14/16] perf tools: powerpc: Use generic syscall table scripts perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,13/16] perf tools: mips: Use generic syscall scripts perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,12/16] perf tools: loongarch: Use syscall table perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,11/16] perf tools: arm64: Use syscall table perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,10/16] perf tools: parisc: Support syscall header perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,09/16] perf tools: alpha: Support syscall header perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,08/16] perf tools: x86: Use generic syscall scripts perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,07/16] perf tools: xtensa: Support syscall header perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,06/16] perf tools: sparc: Support syscall headers perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,05/16] perf tools: sh: Support syscall headers perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,04/16] perf tools: arm: Support syscall headers perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,03/16] perf tools: csky: Support generic syscall headers perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,02/16] perf tools: arc: Support generic syscall headers perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
[RFT,01/16] perf tools: Create generic syscall table support perf tools: Use generic syscall scripts for all archs - - - --- 2024-11-04 Charlie Jenkins New
ima: kexec: Add RCU read lock protection for ima_measurements list traversal ima: kexec: Add RCU read lock protection for ima_measurements list traversal - - - --- 2024-11-04 Breno Leitao New
[lsm/dev-staging] selinux: Fix pointer use in selinux_dentry_init_security [lsm/dev-staging] selinux: Fix pointer use in selinux_dentry_init_security - - - --- 2024-11-02 Casey Schaufler pcmoore Under Review
[lsm/dev] netfilter: Use correct length value in ctnetlink_secctx_size [lsm/dev] netfilter: Use correct length value in ctnetlink_secctx_size - - - --- 2024-11-01 Casey Schaufler pcmoore Under Review
rust: security: add abstraction for secctx rust: security: add abstraction for secctx - 5 - --- 2024-11-01 Alice Ryhl New
smack: fix the smack_lsmprop_to_secctx() kdoc smack: fix the smack_lsmprop_to_secctx() kdoc - 1 - --- 2024-11-01 Paul Moore pcmoore Under Review
rust: lsm: replace context+len with lsm_context rust: lsm: replace context+len with lsm_context 1 - - --- 2024-11-01 Alice Ryhl pcmoore Under Review
[RFC,v2,14/14] landlock: Control log events with LANDLOCK_RESTRICT_SELF_LOGLESS Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,13/14] landlock: Log scoped denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,12/14] landlock: Log TCP bind and connect denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,11/14] landlock: Log truncate and ioctl denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,10/14] landlock: Log file-related denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,09/14] landlock: Log mount-related denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,08/14] landlock: Log domain properties and release Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,07/14] landlock: Log ptrace denials Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,06/14] landlock: Move domain hierarchy management Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,05/14] landlock: Move access types Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,04/14] landlock: Add unique ID generator Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[RFC,v2,03/14] landlock: Factor out check_access_path() Landlock audit support - - - --- 2024-10-22 Mickaël Salaün pcmoore New
[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between [v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between - 5 2 --- 2024-10-18 Roberto Sassu pcmoore Under Review
[RFC,v3,13/13] clavis: Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,12/13] clavis: Add function redirection for Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,11/13] clavis: Prevent boot param change during kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,10/13] efi: Make clavis boot param persist across kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,09/13] clavis: Allow user to define acl at build time Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,08/13] clavis: Introduce new LSM called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,07/13] keys: Add ability to track intended usage of the public key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,06/13] clavis: Populate clavis keyring acl with kernel module signature Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,05/13] clavis: Introduce a new key type called clavis_key_acl Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,04/13] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,03/13] clavis: Introduce a new system keyring called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,02/13] certs: Introduce ability to link to a system key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[v2] fsnotify, lsm: Decouple fsnotify from lsm [v2] fsnotify, lsm: Decouple fsnotify from lsm 1 - - --- 2024-10-13 Song Liu New
tomoyo: use u64 for handling numeric values tomoyo: use u64 for handling numeric values - - - --- 2024-10-12 Tetsuo Handa New
fsnotify, lsm: Separate fsnotify_open_perm() and security_file_open() fsnotify, lsm: Separate fsnotify_open_perm() and security_file_open() 1 - - --- 2024-10-11 Song Liu pcmoore Under Review
[v20,6/6] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,5/6] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,4/6] selftests/landlock: Add tests for execveat + AT_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,3/6] selftests/exec: Add 32 tests for AT_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 1 - --- 2024-10-11 Mickaël Salaün Under Review
[v20,1/6] exec: Add a new AT_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) - 1 - --- 2024-10-11 Mickaël Salaün Under Review
ima: Suspend PCR extends and log appends when rebooting ima: Suspend PCR extends and log appends when rebooting - - - --- 2024-10-11 Stefan Berger pcmoore New
[v1] ipe: add 'anonymous_memory' property for policy decisions [v1] ipe: add 'anonymous_memory' property for policy decisions - - - --- 2024-10-10 Fan Wu New
[RFC,v1,7/7] tomoyo: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,6/7] smack: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,5/7] ipe: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,4/7] integrity: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,3/7] selinux: Fix inode numbers in error messages [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,2/7] audit: Fix inode numbers [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - 1 - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han Under Review
mm: move security_file_mmap() back into do_mmap() mm: move security_file_mmap() back into do_mmap() - - - --- 2024-09-25 Shu Han Under Review
mm: move the check of READ_IMPLIES_EXEC out of do_mmap() mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Under Review
[v4,14/14] Activate the configuration and build of the TSEM LSM. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,13/14] Implement infrastructure for loadable security models. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,12/14] Implement configuration and methods for default model. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,11/14] Implement the internal Trusted Modeling Agent. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,10/14] Implement security event mapping. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,09/14] Add event processing implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,08/14] Add security event description export facility. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,07/14] Add namespace implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,06/14] Implement TSEM control plane. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,05/14] Add root domain trust implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,04/14] Add primary TSEM implementation file. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,03/14] TSEM global declarations. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,02/14] Add TSEM specific documentation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[v4,01/14] Update MAINTAINERS file. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore New
[RESEND] cred: separate the refcount from frequently read fields [RESEND] cred: separate the refcount from frequently read fields - - - --- 2024-08-22 Mateusz Guzik pcmoore New
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
cred: plug a hole in struct cred cred: plug a hole in struct cred - - - --- 2024-05-30 Mateusz Guzik pcmoore New
[v1,1/2] landlock: Fix d_parent walk Fix warning in collect_domain_accesses() - - - --- 2024-05-16 Mickaël Salaün pcmoore New
[RFC,1/2] lsm: introduce new hook security_vm_execstack [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[10/10] coccinelle: add script for capable_any() [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[09/10] bpf: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[08/10] net: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[07/10] kernel: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 2 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[06/10] fs: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[05/10] drivers: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[04/10] block: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
« 1 2 »